Re: ✅ Paradice.in | 🍀 Provably Fair Casino 🎲 | Big Faucet | 1% House Edge 💰|
A few critical points...
According to your Provably Fair Explanation
It says you use Combination = Server Seed + Client Seed + Nonce and Hash = SHA512 (Combination)
This formula/statement is false and misleading.
Given the values:
According to your Verification page
1. The Combination Value is wrong. It shows "clientc678cae375a07e4456a5532a19e5b1311d3434795f5bcdf50e7f4f27ae660d5d0" but on your explanation above it should be "c678cae375a07e4456a5532a19e5b1311d3434795f5bcdf50e7f4f27ae660d5dclient0" - (this is still wrong btw, read below)
2. The SHA512 value shows "8c0bd8c9ad2261ccaf0650de9135088484085d328293a42ce9a69e734f93ded96ae3a6f6e31c908 3a59e97650d97a0f3eda8e71d0210ef44f9132214ccfb9531" which is also wrong if we follow the given formula above.
Even if we hash either "clientc678cae375a07e4456a5532a19e5b1311d3434795f5bcdf50e7f4f27ae660d5d0" or ""c678cae375a07e4456a5532a19e5b1311d3434795f5bcdf50e7f4f27ae660d5dclient0" both will not result to the SHA512 that is being shown (you can test it here https://www.convertstring.com/Hash/SHA512)
Question is: Where did that SHA512 result come from? Why is the formula given not resulting in the correct values?
The answer is: You actually don't use SHA512. But instead, you are use HMAC-SHA512. HMAC-SHA512 accepts a message and a secret value. And in site's case, the message is constructed like "ClientSeed:Nonce" (the : is included), and the ServerSeed acts as the secret value.
There's a big difference between the two, SHA512 and HMAC-SHA512. The correct formula is:
If you expect players to just trust your verifier, you'd be mistaken and this could lead to many concerns.
Here is a quick verifier that would explain the verification properly. https://codepen.io/uniibu/full/OJyyNgL
Cheers!
According to your Provably Fair Explanation
It says you use Combination = Server Seed + Client Seed + Nonce and Hash = SHA512 (Combination)
This formula/statement is false and misleading.
Given the values:
Code:
const ServerSeed = "c678cae375a07e4456a5532a19e5b1311d3434795f5bcdf50e7f4f27ae660d5d"
const ClientSeed = "client"
const Nonce = 0;
const ClientSeed = "client"
const Nonce = 0;
According to your Verification page
1. The Combination Value is wrong. It shows "clientc678cae375a07e4456a5532a19e5b1311d3434795f5bcdf50e7f4f27ae660d5d0" but on your explanation above it should be "c678cae375a07e4456a5532a19e5b1311d3434795f5bcdf50e7f4f27ae660d5dclient0" - (this is still wrong btw, read below)
2. The SHA512 value shows "8c0bd8c9ad2261ccaf0650de9135088484085d328293a42ce9a69e734f93ded96ae3a6f6e31c908 3a59e97650d97a0f3eda8e71d0210ef44f9132214ccfb9531" which is also wrong if we follow the given formula above.
Even if we hash either "clientc678cae375a07e4456a5532a19e5b1311d3434795f5bcdf50e7f4f27ae660d5d0" or ""c678cae375a07e4456a5532a19e5b1311d3434795f5bcdf50e7f4f27ae660d5dclient0" both will not result to the SHA512 that is being shown (you can test it here https://www.convertstring.com/Hash/SHA512)
Question is: Where did that SHA512 result come from? Why is the formula given not resulting in the correct values?
The answer is: You actually don't use SHA512. But instead, you are use HMAC-SHA512. HMAC-SHA512 accepts a message and a secret value. And in site's case, the message is constructed like "ClientSeed:Nonce" (the : is included), and the ServerSeed acts as the secret value.
There's a big difference between the two, SHA512 and HMAC-SHA512. The correct formula is:
Code:
// hmac512(message, secret)
hmac512( ClientSeed + ":" + Nonce, ServerSeed )
hmac512( ClientSeed + ":" + Nonce, ServerSeed )
If you expect players to just trust your verifier, you'd be mistaken and this could lead to many concerns.
Here is a quick verifier that would explain the verification properly. https://codepen.io/uniibu/full/OJyyNgL
Cheers!